Re: Comments on draft-ietf-ipsec-new-auth-00.txt
"C. Harald Koch" <chk@utcc.utoronto.ca> Wed, 23 April 1997 18:41 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA09611 for ipsec-outgoing; Wed, 23 Apr 1997 14:41:39 -0400 (EDT)
Message-Id: <97Apr23.144337edt.11650@janus.border.com>
To: Thomas Narten <narten@raleigh.ibm.com>
cc: dpkemp@missi.ncsc.mil, ipsec@tis.com
Subject: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
References: <9704181331.AA15062@cichlid.raleigh.ibm.com>
In-reply-to: narten's message of "Fri, 18 Apr 1997 08:31:20 -0400". <9704181331.AA15062@cichlid.raleigh.ibm.com>
From: "C. Harald Koch" <chk@utcc.utoronto.ca>
Date: Wed, 23 Apr 1997 14:47:40 -0400
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
In message <9704181331.AA15062@cichlid.raleigh.ibm.com>, Thomas Narten writes: > I also agree, and have been disheartened by the number of times the > above question has been asked but not answered. Indeed, it has been > my impression that the vast majority of IP packets are delivered in > order (one reason why TCP's header prediction works well in > practice). It is rare in practice to have packets arrive out of > order. Which begs the question of whether a window is even > needed. Does someone have data that argues otherwise? Two sample points, my internet firewalls (A good place to look, since they re-synthesize all TCP streams in/out. This is roughly akin to combining the statistics for all 100 hosts behind the firewalls...). ----- elgreco ----- 2:39pm up 11 days, 4:51, 1 user, load average: 0.25, 0.16, 0.05 5796665 packets received 2703533 acks (for 1066489852 bytes) 3301088 packets (900448165 bytes) received in-sequence 107878 completely duplicate packets (10966707 bytes) 987 packets with some dup. data (122695 bytes duped) 198927 out-of-order packets (40226774 bytes) ----- janus ----- 2:38pm up 11 days, 4:52, 1 user, load average: 0.02, 0.06, 0.02 28417190 packets received 19533317 acks (for 371944057 bytes) 21278080 packets (176197867 bytes) received in-sequence 51170 completely duplicate packets (12418673 bytes) 519 packets with some dup. data (63691 bytes duped) 199859 out-of-order packets (69912188 bytes) That's 6.4 percent on elgreco, and 2.3 percent on janus, of all data packets received out-of-order. I wouldn't define that as "rare", especially given the (additional) performance penalties for dropping them instead of queueing them. -- Harald Koch <chk@utcc.utoronto.ca>
- Comments on draft-ietf-ipsec-new-auth-00.txt Rob Glenn
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt David P. Kemp
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Thomas Narten
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Naganand Doraswamy
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Steven Bellovin
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Thomas Narten
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Daniel Harkins
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Vern Paxson
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt C. Harald Koch
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Thomas Narten
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Norman Shulman
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Daniel Harkins
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Angelos D. Keromytis
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Bill Sommerfeld
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Perry E. Metzger
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Daniel Harkins
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Steven M. Bellovin
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Steven M. Bellovin
- Re: Comments on draft-ietf-ipsec-new-auth-00.txt Stephen Kent